United States Patent and Trademark Office 



UNITED STATES DEPARTMENT OF COMMERCE 
I nilid Stall-, l'atint and Trademark Office 

Address: COMMISSIONER FOR PATENTS 



APPLICATION NO. 



FILING DATE 



FIRST NAMED INVENTOR 



ATTORNEY DOCKET NO. CONFIRMATION NO. 



10/540.325 



00/22/2005 



1444 7590 08/12/2008 

BROWDY AND NEIMARK, P.L.L.C. 
624 NINTH STREET, NW 
SUITE 300 

WASHINGTON, DC 20001-5303 



Patrice Hameau 



VAUGHAN, MICHAEL R 



PAPER NUMBER 



DELIVERY MODE 



Please find below and/or attached an Office communication concerning this application or proceeding. 

The time period for reply, if any, is set in the attached communication. 



PTOL-90A (Rev. 04/07) 



l/ffflrC? nVrliUli Otfff Iff ids y 


Application No. 

10/540,325 


Applicant(s) 

HAMEAU ET AL. 


Examiner 

MICHAEL R. VAUGHAN 


Art Unit 

4148 





- The MAILING DATE of this communication appears on the cover sheet with the correspondence address — 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1 .136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

1 )KI Responsive to communication(s) filed on 22 June 2005 . 
2a )□ This action is FINAL. 2b)^ This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quayle, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) ^ Claim(s) U9 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) ^ Claim(s) 1^9 is/are rejected. 

7) |3 Claim(s) 1 and 7 is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) Q The specification is objected to by the Examiner. 

10) D The drawing(s) filed on is/are: a)D accepted or b)D objected to by the Examiner. 

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

1 1) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12) ^ Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f). 
a)E| All b)D Some * c)D None of: 

1 Certified copies of the priority documents have been received. 

20 Certified copies of the priority documents have been received in Application No. . 

3.Q Copies of the certified copies of the priority documents have been received in this National Stage 
application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 



Attach ment(s) 

1) ^| Notice of References Cited (PTO-892) 4) □ Interview Summary (PTO-41 3) 

2) □ Notice of Draftsperson's Patent Drawing Review (PTO-948) Paper No(s)/Mail Date. . 

3) Information Disclosure Statement(s) (PTO/SB/08) 5 ) □ Notice of Informal Patent Application 
Paper No(s)/Mail Date 6/22/2005 . 6) □ Other: . 



PTOL-T26 d (Rev e 08-06r 



Office Action Summary 



Part of Paper No./Mail Date 20080721 



Application/Control Number: 10/540,325 Page 2 

Art Unit: 2131 

DETAILED ACTION 

The instant application having Application No. 10/540325 filed on 6/22/2005 is 
presented for examination by the examiner. 

Priority 

Acknowledgment is made of applicant's claim for foreign priority under 35 
U.S.C. 1 19(a)-(d). The certified copy has been received, filed on 06/22/2005. 

Drawings 

The subject matter of this application admits of illustration by a drawing to 
facilitate understanding of the invention. Applicant is required to furnish a drawing 
under 37 CFR 1 .81 (c). No new matter may be introduced in the required drawing. 
Each drawing sheet submitted after the filing date of an application must be labeled in 
the top margin as either "Replacement Sheet" or "New Sheet" pursuant to 37 CFR 
1.121(d). 

Claim Objections 

Claim 1 is objected to because of the following informalities: memory allocation 
units are referred to later by the language "allocation units". This causes a question as 
to whether the two are one and the same. Adding the word "memory" in every place 
that allocation units are recited would clear this matter up. Appropriate correction is 
required. 
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Claim 7 is objected to because of the following informalities: "the applications" 
has no antecedent basis. This poses the question of what is the application and how 
many are there. Appropriate correction is required. 

Claim Rejections - 35 USC §112 

The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 

Claims 1-9 are rejected under 35 U.S.C. 112, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter which 
applicant regards as the invention. 

Regarding claim 1 , the phrase "typically be" renders the claim indefinite because 
it is unclear whether the limitations following the phrase are part of the claimed 
invention. See MPEP § 2173.05(d). Since this language is present in the independent 
claim 1, all dependent claims are likewise rejected. 

As per claim 2, this above indefinite phrases causes a contradiction about the 
memory allocation. Claim 1 recites that memory allocation units may typically be a 
page OR a block. Then claim 2 go on to recite that the memory allocation unit IS a 
page. Therefore claim 2 states that the memory allocation is (i) a page OR a block and 
is (ii) a block. Appropriate correction is required. 



Claim Rejections - 35 USC § 102 
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The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

Claims 1-3, 5, and 7-9 are rejected under 35 U.S.C. 102(b) as being anticipated 
by USP 6,282,618 to Flenley, hereinafter Flenley. 

As per claim 1 , Flenley teaches a method for securing by software confinement, 
a computer system which executes codes which manipulate data (see Abstract), 
involving: 

- at least one memory manager [shared memory controller] managing memory 
allocation units which may typically be a page with a fixed size or a block with a variable 
size (col.3, lines 19-20 & col. 3, lines 66- col. 4, lines 2), and 

- at least possessors and requesters of memory allocation units which may typically be 
an application [web page] of the user of the operating system of the computer system or 
the operating system itself (col. 3, lines 14-15), 

said method comprising the following steps: 

- an allocation of memory performed by the memory manager upon request from 
another component of the operating system which transmits to said memory manager, 
the identity of the requester (col. 3, lines 14-15); 

- a check by the aforesaid memory manager of the whole of the allocation units, each 
being associated with a possessor of the memory allocation unit [checks memory space 
for existing webpage] (col. 3, lines 47-55); 

- an encryption of the data of each possessor by means of a key associated with this 



Application/Control Number: 10/540,325 Page 5 

Art Unit: 2131 

possessor (col. 4, lines 36-39; 

- a check by the memory manager, for each request to access a memory allocation unit, 
of the identity of the requester; if this identity is not identical to that of the possessor of 
said memory allocation unit, then access to the memory allocation unit is refused by the 
memory manager (col. 4, lines 62-65 and col. 5, lines 6-9); and 
a performance, by means of the memory manager, of encryption (in the case of a write 
request)[stored in shared memory] (col. 4, lines 40-45) or decryption [GetVariableEnc] 
(in the case of a read request) of the relevant data with the key associated with the 
possessor, this key being at least recalculated by the memory manager (col. 4, lines 46- 
47). 

As per claim 2, Flenley teaches the allocation unit is the page (col. 3, lines 39- 
40), and the memory manager, when it receives a request for allocating a block on 
behalf of a possessor of a memory allocation unit, first searches for a page with the 
same possessor so that all the blocks allocated by said possessor are found grouped in 
one or several dedicated pages (col. 3, line 67- col. 4, line 14). Flenley teaches that 
data is group by each web page accessing the shared memory whereby all is needed in 
an offset pointer to direct the possessor to the needed data inside the block (col. 3, line 
35). 

As per claim 3, Flenley teaches transmission of the identity of the requester is 
accomplished either by managing a current context, or by passing parameters to the 
functions of the memory manager (col. 5, lines 40-43). 
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As per claim 5, Flenley teaches the memory manager associates the key with 
each set of possessor and memory allocation unit instead of associating a unique key 
with each possessor (col. 4, lines 40-45). Flenley teaches the memory allocation unit, 
CCB, has a possessor and key. 

As per claim 7, Flenley teaches the memory manager integrates into each 
memory allocation unit, an area with which the integrity [validity] of the latter may be 
checked [checks the validity of the parameters] (col. 3, lines 57-61). 

As per claim 8, Flenley teaches combining with a physical protection mechanism 
(col. 4, lines 35-36). 

As per claim 9, Flenley teaches implementation on an embedded system [ATM] 
such as a terminal of the portable telephone type, a bank payment terminal, a portable 
payment terminal, a digital assistant or PDA, a chip card (col. 5, line 23). 

Claim Rejections - 35 USC § 103 

The following is a quotation of 35 U.S.C. 1 03(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claim 4 is rejected under 35 U.S.C. 103(a) as being unpatentable over Flenley in 
view of USP 7,353,281 to New, Jr. et al., hereinafter New. 



Application/Control Number: 10/540,325 Page 7 

Art Unit: 2131 

As per claim 4, Flenley is silent is explicitly teaching the memory manager 
dynamically calculates the key of a possessor from a secret associated with said 
possessor and a so-called master key to which only the memory manager has access. 
Flenley does however teach as an embodiment an ATM card being presented to an 
ATM machine in order to authenticate the user of the card based on personal 
identification stored on the card. New takes this process one step further by generating 
the encryption key based on the user's identification and a private key [master key] of 
the server hosting the applications (col. 5, lines 5-10 and col. 6, lines 26-36). New's 
way of generating the encryption key is more secure than Flenley's because it does not 
take a user's secret information into forming the encryption key. The use of 
asymmetrical cryptography is well known in the art. It would have been obvious at the 
time of the invention to one of ordinary skill in the art to incorporate New's dynamic 
calculation of a key from a secret associated with the possessor and the master key into 
Flenley's system because it would protect the secret information of the user from an 
attacker. Protection of this assures the user is who he says he is. The function of 
New's teaching would have been predictable to one of ordinary skill in the art at the time 
of the invention. 

Claim 7 is rejected under 35 U.S.C. 103(a) as being unpatentable over Flenley in 
view of USP 7,333,956 to Malcolm. 

As per claim 7, Flenley does not explicitly teach associating different security 
levels with the applications and using different encryption means according to the 
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associated security level. Flenley does teach that his method has the option of using 
encryption or not. Malcolm security system invokes a more granular strategy by 
allowing the system to choose the appropriate level of security by using different levels 
of encryption (col. 36, lines 31-41). As one of ordinary skill in the art knows, different 
encryption algorithms are stronger than others. Also one of ordinary skill knows that 
key length also carries with it a measure increases strength. Having the choice of 
encryption strength not allow inherently increases the security of the system but also 
avoids extraneous overhead by having to encrypt everything to the highest possible 
level when only certain cases need this type of security. Whereas Flenley has an all or 
not approach to encryption, incorporating Malcolm's teaching would provide predictable 
results of more security without inefficiency. Therefore it would have been obvious to 
one of ordinary skill in the art at the time of the invention to modify the teachings of 
Flenley with those of Malcolm in order to improve security without sacrificing efficiency. 

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

US Patent Application Publication 2003/0188178 to Strongin et al., discloses a 
memory, system, and method for providing security for data stored within a memory 
and arranged within a plurality of memory regions. 

US Patent Application Publication 2003/01826458 to Teramoto et al., discloses a 
process creates the encrypted data region to be shared according to the common key 
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generated as a result of the safe key exchange, and the other process maps that 
region to its own address space or process space. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to MICHAEL R. VAUGHAN whose telephone number is 
(571)270-7316. The examiner can normally be reached on Monday - Thursday, 7:30am 
- 5:00pm, EST. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Ayaz Sheikh can be reached on 571-272-3795. The fax phone number for 
the organization where this application or proceeding is assigned is 571-273-8300. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). If you would like assistance from a 
USPTO Customer Service Representative or access to the automated information 
system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 



/M. R. V./ 

Examiner, Art Unit 2131 
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Supervisory Patent Examiner, Art Unit 2131 



